lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20081216044701.1345.qmail@securityfocus.com> Date: 16 Dec 2008 04:47:01 -0000 From: martin@...dle.com To: bugtraq@...urityfocus.com Subject: Re: Re: Moodle 1.9.3 Remote Code Execution Similar hacks have been discussed here: http://moodle.org/mod/forum/discuss.php?d=111710#p490453 Affected sites seem to be all running PHP with register_global turned on, which is a really bad idea and not recommended by Moodle.